
Warnings Issued: Malicious Software Found to Sneakily Swipe Banking Details Using Windows Utilities

Cryptocurrency and banking information are covertly swiped by a novel Coyote malware type, which exploits built-in Windows tools in the process. This malicious software monitors user activities through UI Automation and spreads itself via the Squirrel installer.

Warning: Malware Utilizing Windows Tools Poses Threat to Banking Information Theft

In a concerning development for cybersecurity, a new variant of the Coyote malware has been discovered exploiting Microsoft's UI Automation (UIA) framework to steal sensitive user data. It is the first known malware to abuse UIA in the wild, which makes it highly stealthy and effective.

The malware, primarily targeting users in Brazil, has set its sights on 75 banking institutions and cryptocurrency platforms in the country. It works by monitoring the active window using Windows APIs like GetForegroundWindow(), then comparing the window title against a hardcoded list of targeted bank and crypto exchange websites. If a match isn't found by window title, it uses UIA to examine UI child elements, such as browser tabs and address bars, to identify whether the user is visiting any of the targeted sites.

Once identified, Coyote extracts data from these UI elements to harvest login credentials stealthily. The malware also uses keylogging and phishing overlay techniques as part of its multifaceted data theft strategy. By exploiting UIA, Coyote can bypass many endpoint detection and response (EDR) solutions, making it difficult to detect and remove.
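The article notes that Coyote loads Microsoft's UI Automation framework to inspect browser windows, which gives defenders a telemetry angle: legitimate UIA clients on an endpoint are few (screen readers, magnifiers, automation and test tooling), so any other process loading the UIA library is worth a look. The following is an added example, not code from the article or from Akamai's research. It assumes image-load telemetry in the simple shape shown, an allowlist that is a placeholder to be tuned per host, and constructed sample events; the module name UIAutomationCore.dll is the real Windows UIA library.

```python
"""Flag processes that load the UI Automation library but are not known
accessibility or automation clients (added example, constructed data)."""
from dataclasses import dataclass

# Real file name of the Windows UI Automation client/provider library.
UIA_MODULE = "uiautomationcore.dll"

# Assumed per-host allowlist of processes expected to use UIA. The NVDA
# path is a hypothetical placeholder; tune this set for the environment.
EXPECTED_UIA_CLIENTS = {
    r"c:\windows\system32\narrator.exe",
    r"c:\windows\system32\magnify.exe",
    r"c:\program files\nvda\nvda.exe",
}


@dataclass(frozen=True)
class ImageLoadEvent:
    """Minimal image-load record (Sysmon event 7 style); constructed shape."""
    pid: int
    image: str          # full path of the process that loaded the module
    loaded_module: str  # full path of the DLL that was loaded
    signed: bool        # whether the process image carries a valid signature


def _norm(path: str) -> str:
    """Normalise a Windows path for comparison (slashes, case)."""
    return path.replace("/", "\\").lower()


def loads_uia(ev: ImageLoadEvent) -> bool:
    """True when the loaded module is the UIA core library."""
    return _norm(ev.loaded_module).rsplit("\\", 1)[-1] == UIA_MODULE


def assess(ev: ImageLoadEvent) -> list:
    """Return the reasons an event is suspicious; empty list means benign."""
    if not loads_uia(ev):
        return []
    image = _norm(ev.image)
    if image in EXPECTED_UIA_CLIENTS:
        return []
    reasons = ["loads UI Automation but is not an allowlisted accessibility/automation client"]
    if not ev.signed:
        reasons.append("process image is unsigned")
    # Installers such as Squirrel drop applications under the user profile,
    # so a UIA client living in a user-writable directory is more suspect.
    if "\\appdata\\" in image or "\\temp\\" in image:
        reasons.append("process image lives in a user-writable directory")
    return reasons


def triage(events) -> list:
    """Run assess() over a feed and collect findings; more reasons = higher priority."""
    findings = []
    for ev in events:
        reasons = assess(ev)
        if reasons:
            findings.append({"pid": ev.pid, "image": ev.image, "reasons": reasons})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


# Constructed sample telemetry: one benign UIA client, one non-UIA load,
# one unsigned client under %LOCALAPPDATA%, one signed but unexpected client.
SAMPLE_EVENTS = [
    ImageLoadEvent(1001, r"C:\Windows\System32\narrator.exe",
                   r"C:\Windows\System32\UIAutomationCore.dll", True),
    ImageLoadEvent(2002, r"C:\Program Files\Browser\browser.exe",
                   r"C:\Windows\System32\kernel32.dll", True),
    ImageLoadEvent(4242, r"C:\Users\alice\AppData\Local\Temp\update.exe",
                   r"C:\Windows\System32\UIAutomationCore.dll", False),
    ImageLoadEvent(5150, r"C:\Program Files\SomeVendor\tool.exe",
                   r"C:\Windows\System32\UIAutomationCore.dll", True),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["pid"], finding["image"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The heuristic is deliberately narrow: it does not try to distinguish what the process does with UIA, only whether it should be using it at all, and it ranks hits by how many independent oddities (unexpected client, unsigned, user-writable location) coincide. In a real deployment the allowlist should be built from a baseline of the hosts in question rather than from the placeholder set above.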

This abuse of UIA confirms earlier theoretical warnings by researchers about its potential as a stealthy malicious vector. Cybersecurity researchers at Akamai have discovered this new version's use of the Microsoft UI Automation (UIA) framework to spy on users.

If the window title doesn't provide a match, the malware uses the UI Automation tool to read the website address directly from the browser. Once the system is infected, the malware sends detailed information to a command-and-control (C2) server operated by the attackers, including the computer's name, system specifications, and the financial services being used.

To stay protected, users are advised to remain vigilant, keep their security software up to date, and avoid downloading apps from untrusted sources. As the Coyote malware could potentially expand globally, it's crucial for users worldwide to be aware of this threat and take necessary precautions.

  1. Smartphone users, especially in Brazil, need to be cautious when securing their financial data, as the recent version of the Coyote malware, which exploits Microsoft's UI Automation (UIA) framework, has been found to target 75 banking institutions and cryptocurrency platforms in the country.
  2. The increasingly sophisticated Coyote malware, known for its ability to bypass many endpoint detection and response (EDR) solutions, has raised concerns in the field of cybersecurity, emphasizing the importance of technology companies taking proactive steps in strengthening cybersecurity measures to protect users from such stealthy attacks on their sensitive financial data.
